doc/ssh_api_example/update-acme-challenge


1
2
3
4
5
6
7
pre { line-height: 125%; }
td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
.highlight .hll { background-color: #ffffcc }
.highlight .c { color: #888888 } /* Comment */
.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
.highlight .k { color: #008800; font-weight: bold } /* Keyword */
.highlight .ch { color: #888888 } /* Comment.Hashbang */
.highlight .cm { color: #888888 } /* Comment.Multiline */
.highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */
.highlight .cpf { color: #888888 } /* Comment.PreprocFile */
.highlight .c1 { color: #888888 } /* Comment.Single */
.highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */
.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .gr { color: #aa0000 } /* Generic.Error */
.highlight .gh { color: #333333 } /* Generic.Heading */
.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
.highlight .go { color: #888888 } /* Generic.Output */
.highlight .gp { color: #555555 } /* Generic.Prompt */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #666666 } /* Generic.Subheading */
.highlight .gt { color: #aa0000 } /* Generic.Traceback */
.highli#!/usr/bin/env python3
# Copyright 2019 vg
# SPDX-License-Identifier: MIT

'''\
Takes json in stdin to modify a challenge in a zone txt record.

Usage: update-acme-challenge --zones=ZONES

Options:
 --zones=ZONES  json object: {"zone-to-check": "zone-to-modify"}

Json format:
{
    "action": "add|delete",
    "zone": "zone_name_to_modify",
    "challenge": "mandatory only with add action: challenge",
}
'''


import datetime
import docopt
import json
import subprocess
import sys


def nsupdate(zone, challenge):
    content = f'''
        server ::1
        del {zone} TXT
        add {zone} 60 TXT "{challenge}"
        send
    '''
    subprocess.run(['nsupdate'], check=True, input=content, encoding='utf8')


def main():
    args = docopt.docopt(__doc__)

    jsonmap = json.loads(sys.stdin.read())

    zones = json.loads(args['--zones'])
    zone = jsonmap.get('zone', '')
    zone = zone[:-1] if zone.endswith('.') else zone
    if zone not in zones:
        raise ValueError(f'not permitted to modify zone {zone}')

    action = jsonmap.get('action', '')
    if action not in ('add', 'delete'):
        raise ValueError(f'bad value for action content: {action}')

    challenge = jsonmap.get('challenge', '')
    if not all(x.isalnum() or x in '_-' for x in challenge):
        # base64url as in acme spec
        raise ValueError('bad format for challenge content')

    nsupdate(zones[zone], challenge if action == 'add' else '')


main()